You need to define a mapper in our SAML identity provider config to import the things you want.

On 4/18/2016 1:04 PM, Jason Hobbs wrote:
I'm trying to use ADFS as a SAML identity provider, then use OIDC to authenticate an application on JBoss EAP.

The IDP redirects to AD and back to Keycloak seem to work fine, and a list of groups is provided as an assertion.  When I debug within the protected application, however, the groups from the SAML assertion are not passed through.  If I make a role in Keycloak and manually assign it to a user, it does get passed through.  

Is this something that should be supported and I'm just not configuring something right?

Environment: Keycloak 1.9.2.Final running on OpenShift Enterprise 3.1.

----

Jason Hobbs

Lead Engineer Shop Floor Systems

Email: Jason.Hobbs@shawinc.com  |  Office: (706) 532-3858

Shaw Industries Group Inc.  |  201 S. Hamilton St., Dalton, GA 30720  |  MD 0IS-01  |  shawfloors.com






-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
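
What the mapper advice in this thread means in practice, as an added example that is not part of the original messages and is not Keycloak code: a simplified model of attribute-to-role mapping over a SAML attribute statement, showing that only group values with an explicit mapper become roles. The sample assertion, the group claim name, the group names and the role names are all constructed assumptions, and signature validation is out of scope here.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
GROUP_CLAIM = "http://schemas.xmlsoap.org/claims/Group"  # assumed claim name

# Constructed sample: attribute statement only, signature omitted.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/claims/Group">
      <saml:AttributeValue>ShopFloor-Operators</saml:AttributeValue>
      <saml:AttributeValue>Domain Users</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

# Hypothetical mapper rules: one (attribute, value) pair grants one role.
MAPPERS = [
    {"attribute": GROUP_CLAIM, "value": "ShopFloor-Operators", "role": "operator"},
    {"attribute": GROUP_CLAIM, "value": "ShopFloor-Admins", "role": "admin"},
]

def assertion_attributes(xml_text):
    """Return {attribute name: set of values} from the attribute statement."""
    root = ET.fromstring(xml_text)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = {v.text.strip() for v in attr.findall("saml:AttributeValue", NS) if v.text}
        attrs.setdefault(attr.get("Name"), set()).update(values)
    return attrs

def map_roles(xml_text, mappers):
    """Grant a role only when a mapper matches an asserted attribute value."""
    attrs = assertion_attributes(xml_text)
    return {m["role"] for m in mappers if m["value"] in attrs.get(m["attribute"], set())}

def unmapped_values(xml_text, mappers, attribute=GROUP_CLAIM):
    """Asserted values of `attribute` that no mapper covers (dropped on import)."""
    covered = {m["value"] for m in mappers if m["attribute"] == attribute}
    return assertion_attributes(xml_text).get(attribute, set()) - covered

if __name__ == "__main__":
    print("roles:", map_roles(SAMPLE_ASSERTION, MAPPERS))
    print("dropped:", unmapped_values(SAMPLE_ASSERTION, MAPPERS))
```

With no mappers defined, `map_roles` returns an empty set even though the assertion carries groups, which is the behaviour described in the question.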